The administrator user has the ability to change the entire WordPress site and is obviously a user account worth protecting. One best practice for protecting the administrative user is the change the username from the default (“admin”) to something else (e.g. “zadmin”). This will help prevent an attacker from guessing a password in a brute-force style attack.
There are two general ways to do this. The first is to create a new administrator user account and delete the original “admin” account. The second method is to use a security plugin that will do the name change for you. Wordfence is a reputable plugin that will take care of this change for you. Wordfence will also allow you to configure email alerts when an administrator logs in. This will alert you immediately in the event that an attacker gets into your WordPress site as an administrator or if an authorized user has logged in as an administrator.
For more information on this topic please reach out to us; we’re here to help!